Forum Discussion

rafaelbn_176840's avatar
rafaelbn_176840
Icon for Altocumulus rankAltocumulus
Jan 27, 2019

BIG-IP i2800 got hacked due to default password

Hello devs!

 

I got to a BIG-IP today that had a public IPv4 directly attached to it. And the client enabled "allow-service default" on it. And obviously he forgot to change the default password and some bot-net got hold of it, and the box was owned.

 

I now... It's stupid and sad. I know...

 

I asked them to fully disconnect all its ports so the bot cannot go any further.

 

In my mind, the way to go would be a full disk erase and re-install from scratch, meaning:

 

A- Disk erase utility - https://support.f5.com/csp/article/K15521 B- Full re-install - https://support.f5.com/csp/article/K13117

 

I have two questions:

 

1- Would disk erase be necessary? Because I think the full re-install already wipes the entire disk? 2- Will I have issues with the license? Since this is a i2800, I think that the license won't change, right?

 

Thanks! Rafael

 

3 Replies

  • Hi,

     

    This can happen to the best ;-)

     

    Before the re-install copy and past the license key. And a full re-install (from usb disk) will do the trick. And it has no impact on the license, the serial number of the unit won't change during the re-install.

     

    Cheers,

     

    Kees

     

    • rafaelbn's avatar
      rafaelbn
      Icon for Cirrostratus rankCirrostratus

      Yep! And that was one of our mistakes...